Follow

Tagencryption

The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But it’s also the birthplace of one of the latest attempts to subvert the NSA’s mass surveillance program.

When whistleblower Edward Snowden revealed that full extent of the NSA’s activities last year, members of the site’s tech forum started talking about the need for a more secure alternative to Skype. Soon, they’d opened a chat room to discuss the project and created an account on the code hosting and collaboration site GitHub and began uploading code.

From my story for Wired about Google’s new encryption plugin for Chrome “End-to-End“:

Google won’t be able to scan encrypted email messages in order to target advertising. Security expert Eleanor Saitta believes this may lead to Google to discourage most users from actively using encryption. She worries that the End-to-End may simply be a publicity stunt designed to keep Google’s engineers happy while scoring points with privacy advocates.

She also points out Google has history of abandoning projects that don’t make the company money, such as iGoogle and Google Reader. If activists come to rely on Google’s encryption tools, but those tools are discontinued, they will be left without crucial protections. “People live and die by the long-term success and failure of communication platforms — I mean that in a very literal sense,” she says. “You cannot put people in a position where they are depending on a software platform for life safety issues and then simply terminate it.”

Her other worry is that the existence of Google’s own plugin may discourage people from building other alternatives, or make it harder for open source encryption projects to raise funds. For example, Mailpile raised over $100,000 last year to build a new open source email client that works with any email provider, including Gmail, and has PGP encryption baked in from the beginning. But it will need more funding eventually, and Saitta worries that potential backers may not be as motivated to contribute.

Private messaging apps like SnapChat and WhatsApp aren’t as private as you might think.

SnapChat settled with the Federal Trade Commission earlier this month over a complaint that its privacy claims were misleading, as reported by USA Today, and last week, the Electronic Frontier Foundation published a report listing the company as the least privacy-friendly tech outfit it reviewed, including Comcast, Facebook, and Google. Last year, WhatsApp faced privacy complaints from the Canadian and Dutch governments, and like Snapchat, its security has been an issue as well.

When you use messaging services like these, you’re depending on outside companies to properly encrypt your messages, store them safely, and protect them when the authorities come calling. And they may not be up to the task. The only way to ensure your messages are reasonably safe is to encrypt them yourself, using keys that no one has access to–including your messaging service provider. That way, even if hackers bust into your service provider or the authorities hit it with subpoenas, your messages are protected.

Unfortunately, this is easier said than done. Encryption tools are notoriously hard to use. But several projects are working to change this, building a more polished breed of encryption software that can serve the everyday consumer. A new open source project called Briar is part of this crowd, but it puts a fresh twist on the idea. It doesn’t just encrypt your messages. It lets you jettison your messaging service provider altogether. Your messages travel straight to the person you’re sending them to, without passing through a central server of any sort. It’s what’s known as a “peer-to-peer” tool.

This has a few advantages. You and your contacts keep complete control your data, but you needn’t setup your own computer server in order to do so. Plus, you can send messages without even connecting to the internet. Using Briar, you can send messages over Bluetooth, a shared WiFi connection, or even a shared USB stick. That could be a big advantage for people in places where internet connections are unreliable, censored, or non-existent.

Briar is still in alpha and not ready for use for high-risk scenarios. If you’re looking for something immediately, OffTheRecord and TextSecure are worth considering, but of course nothing is perfectly secure.

WikiLeaks remains under a near financial blockade, its founder under effective house arrest after having been granted asylum in the Ecuadorian Embassy in London. The group has yet to release anything as substantial as last year’s “Detainee Policies”—Balkanleaks remains one of the few “leaking sites” still going strong. Its recent insurance-key move comes precisely out of the WikiLeaks playbook.

More than two years ago, a flurry of new WikiLeaks clones sprung up around the world inspired by the world’s most famous transparency-driven organization. They had all kinds of names: QuebecLeaks, BaltiLeaks, EnviroLeaks, and more. PirateLeaks (based in the Czech Republic), BrusselsLeaks (Belgium) and RuLeaks (Russia) all did not respond to Ars’ requests for comments. […]

So how does Balkanleaks thrive where others haven’t?

Tchobanov, the site’s co-founder, boils it down to one word: Tor. It’s the open-source online anonymizing tool that’s become the de facto gold standard for hiding one’s tracks online. Balkanleaks provides instructions in Bulgarian, Serbian, Macedonian, and English, and the submission website is only available on its Tor-enabled server.

If, in 1995, some cypherpunks had published a book about the upcoming “postmodern surveillance dystopia,” most commentators would have shrugged it off as just a wee bit paranoid and ushered them into the Philip K. Dick Reading Room. Now, it is more likely that people will shrug and say, “that ship has already sailed.”

Sharing encryption keys the quantum way is exciting because it promises to be an incredibly secure way of doing encryption. In quantum cryptography, the encryption key is read by measuring the polarization of the photons being sent between computers. And according to Heisenberg’s uncertainty principle, anyone listening in on the communications would have to start messing with that polarization. And that would be detectable.

Up until now, the photons used to exchange quantum keys have been built using external lasers. But this new laser-free technique would be cheaper to mass-produce, says Sven Höfling, a group leader with the applied physics department at Würzburg University. “We can make Quantum key distribution with electrically driven sources,” he says. This is really compatible with standard semiconductor technology, meaning it could be, in principle, very cheap.”

‘Dead Drops’ is an anonymous, offline, peer to peer file-sharing network in public space. USB flash drives are embedded into walls, buildings and curbs accessable to anybody in public space. Everyone is invited to drop or find files on a dead drop. Plug your laptop to a wall, house or pole to share your favorite files and data. Each dead drop is installed empty except a readme.txt file explaining the project. ‘Dead Drops’ is open to participation. If you want to install a dead drop in your city/neighborhood follow the ‘how to’ instructions and submit the location and pictures.

Now is a good time to establish lines of electronic communication that are not entirely (if at all) reliant on the Internet as it currently exists. Hand delivery of a stack of media is still one of my favorites. At a certain point it the best bit-per-second value known, it has certain privacy features that can’t be beat and it requires very little technical know-how or fancy equipment or money. For all the gnostic freakout of The Matrix, the scene where a disreputable character knocks on Mr. Anderson’s door and passes him a data disc might be the most prophetic.

Learning about cryptography, fidonet and the postal system won’t do anyone any harm. Nothing beats trusted person-to-person connections established in many only-partially overlapping social / professional circles.

Gawker is running an unbelievable story on website called Silk Road – an open market for mail ordering illegal drugs. And it’s only accessible through TOR:

Mark, a software developer, had ordered the 100 micrograms of acid through a listing on the online marketplace Silk Road. He found a seller with lots of good feedback who seemed to know what they were talking about, added the acid to his digital shopping cart and hit “check out.” He entered his address and paid the seller 50 Bitcoins—untraceable digital currency—worth around $150. Four days later the drugs, sent from Canada, arrived at his house.

The only thing that Jeff Garzik, the Bitcoin developer, forgot to mention are the extremely useful Bitcoin Laundries. They allow you to obscure and obfuscate the origin of a Bitcoin, allowing you to effectively ‘launder’ the Bitcoin so that network analysis would be futile. And they are free, simple, and widely available. They probably “forgot” that because it would make it seem even EASIER than it already is to buy drugs online.

Data encryption and storage has always been an important branch of research in computer engineering. In our project, we explored the possibility of harnessing a biological system as an alternative solution for data en/decryption and storage. Using bacteria as the information storage device is not new. However the practicability of previous research is being doubt due to the limited size of information available to be inserted into the bacteria.

We recognized the current barricades in developing a truly useful system and we forecasted the indispensable modules that one would be anticipating when putting fantasy into reality. This year, we have proposed a model that is a true, massively parallel bacterial data storage system.

In addition we have created an encryption module with the R64 Shufflon-Specific Recombinase to further secure the information. Together with the data proof-read/correction and random access modules developed, our expectation is high – we believe this could be an industrial standard in handling large scale data storage in living cells.

Installing the software takes barely a couple of minutes and requires minimal computer skills. You find the Freenet website, read a few terse instructions, and answer a few questions (“How much security do you need?” … “NORMAL: I live in a relatively free country” or “MAXIMUM: I intend to access information that could get me arrested, imprisoned, or worse”). Then you enter a previously hidden online world. In utilitarian type and bald capsule descriptions, an official Freenet index lists the hundreds of “freesites” available: “Iran News”, “Horny Kate”, “The Terrorist’s Handbook: A practical guide to explosives and other things of interests to terrorists”, “How To Spot A Pedophile [sic]”, “Freenet Warez Portal: The source for pirate copies of books, games, movies, music, software, TV series and more”, “Arson Around With Auntie: A how-to guide on arson attacks for animal rights activists”. There is material written in Russian, Spanish, Dutch, Polish and Italian. There is English-language material from America and Thailand, from Argentina and Japan. There are disconcerting blogs (“Welcome to my first Freenet site. I’m not here because of kiddie porn … [but] I might post some images of naked women”) and legally dubious political revelations. There is all the teeming life of the everyday internet, but rendered a little stranger and more intense. One of the Freenet bloggers sums up the difference: “If you’re reading this now, then you’re on the darkweb.”